Menu

The blog

CMS Expands Access to Medicare Data

The Centers for Medicare & Medicaid Services (CMS) finalized new rules on Friday that will expand access to analyses and data, helping providers, employers, and others make more informed decisions about care delivery and quality improvement. The new rules, as required by the Medicare Access and CHIP Reauthorization Act (MACRA), allow organizations approved as qualified entities to confidentially share or sell analyses of Medicare and private sector claims data to providers, employers, and other groups who can use the data to support improved care. In addition, qualified entities may provide or sell claims data to providers and suppliers, such as doctors, nurses, and skilled nursing facilities among others. The rule also includes strict privacy and security requirements for all entities receiving patient identifiable and beneficiary de-identified analyses or data, as well as expanded annual reporting requirements. For example, if entities receive patient identifiable data or analyses, they must use protections that are at least as stringent as what is required of covered entities and their business associates for protected health information (PHI) under the HIPAA Privacy and Security Rules.

This initiative is part of a broader effort by the Obama Administration to use data to help create a health care system that delivers better care for patients, spends dollars more wisely, and results in healthier people.

“Increasing access to analyses and data that include Medicare data will make it easier for stakeholders throughout the healthcare system to make smarter and more informed healthcare decisions,” said CMS Chief Data Officer Niall Brennan.

The Qualified Entity Program was authorized by Section 10332 of the Affordable Care Act and allows organizations that meet certain qualifications to access patient-protected Medicare data to produce public reports. Qualified entities must combine the Medicare data with other claims data (e.g., private payer data) to produce quality reports that are representative of how providers and suppliers are performing across multiple payers, for example Medicare, Medicaid, or various commercial payers. Currently, 15 organizations have applied and received approval to be a qualified entity. Of these organizations, two have completed public reporting while the other 13 are preparing for public reporting. Additional information on the qualified entity program can be found at the Qualified Entity Certification Program website.

The rules seek to enhance the current qualified entity program to allow innovative use of Medicare data for non-public quality improvement and care delivery efforts while ensuring the privacy and security of beneficiary information. For example, qualified entities can conduct analyses on chronically ill or other resource-intensive populations to increase quality and drive-down costs in the healthcare system. The final rule contains few changes from the proposed rule. Future rulemaking is anticipated to expand the data available to qualified entities to include standardized extracts of Medicaid data. The final rule is on display at the Office of the Federal Register.